CVE-2005-1079
Description
SQL injection in zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A SQL injection vulnerability exists in index.php of zOOm Media Gallery 2.1.2, a component/module for the Mambo CMS [2]. The catid parameter is not properly sanitized before being used in SQL queries, allowing an attacker to inject arbitrary SQL commands. This affects version 2.1.2 [1][2].
Exploitation
The attacker only needs a web browser and network access to the site. No authentication is required. By crafting a URL such as http://www.example.com/index.php?option=com_zoom&Itemid=39&catid=2+OR+1=1, the injected SQL clause (OR 1=1) alters the query logic [2]. The proof-of-concept demonstrates viewing all images across all categories, but more sophisticated payloads are possible.
Impact
Successful exploitation allows reading, modifying, or deleting arbitrary data in the underlying MySQL database [1][2]. Depending on the database user's privileges, the attacker may also execute administrative operations (e.g., extracting password hashes, inserting malicious content, or potentially gaining further access to the server). The impact is a full compromise of the application's data integrity and confidentiality.
Mitigation
No official patch was released at the time of disclosure; the vendor's status is unclear, and the software may be abandoned [2]. Users should immediately upgrade to a newer, maintained gallery or implement strong input validation and parameterized queries for all user-supplied parameters, especially catid. There is no known CISA KEV listing for this CVE.
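As an added illustration of the mitigation above (example code, not from zOOm Media Gallery or Mambo), this shows the concatenation pattern behind the catid flaw beside a validated, parameterized version. It is written in Python over an in-memory SQLite table standing in for the gallery's MySQL schema; the table and column names and the sample rows are assumptions.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample rows; the real gallery schema is not on the page.
SAMPLE_ROWS = [
    (1, 1, "sunset.jpg"),
    (2, 1, "beach.jpg"),
    (3, 2, "mountain.jpg"),
    (4, 3, "private.jpg"),
]


def make_db():
    """Build an in-memory table shaped like a gallery image index (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE images (id INTEGER, catid INTEGER, filename TEXT)")
    conn.executemany("INSERT INTO images VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def catid_from_query(query_string):
    """Extract catid as the web server would: '+' decodes to a space."""
    return parse_qs(query_string).get("catid", [""])[0]


def list_images_vulnerable(conn, catid):
    """Vulnerable pattern: the raw request parameter is spliced into the SQL text,
    so a value like '2 OR 1=1' rewrites the WHERE clause."""
    query = "SELECT filename FROM images WHERE catid = " + catid + " ORDER BY id"
    return [row[0] for row in conn.execute(query)]


def list_images_safe(conn, catid):
    """Hardened pattern: enforce the expected type, then bind the value as a
    query parameter so it can never be parsed as SQL."""
    if not catid.isdigit():
        raise ValueError("catid must be a non-negative integer")
    query = "SELECT filename FROM images WHERE catid = ? ORDER BY id"
    return [row[0] for row in conn.execute(query, (int(catid),))]


if __name__ == "__main__":
    db = make_db()
    injected = catid_from_query("option=com_zoom&Itemid=39&catid=2+OR+1=1")
    print("decoded catid:", repr(injected))
    print("vulnerable:", list_images_vulnerable(db, injected))
    try:
        list_images_safe(db, injected)
    except ValueError as exc:
        print("safe:", exc)
```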
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: =2.1.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- www.securiteam.com/unixfocus/5LP0G0AFFY.html (nvd: Exploit, Vendor Advisory)
- secunia.com/advisories/14929 (nvd: Vendor Advisory)
- marc.info (nvd)
News mentions
No linked articles in our index yet.